SIU, Administrative Patent Judge.



DECISION ON APPEAL 



This is an appeal under 35 U.S.C. § 134(a) from the Examiner's final 
rejection of claims 1-61 and 72-87. Claims 62-71, 88, and 89 are canceled. 
We have jurisdiction under 35 U.S.C. § 6(b). 

We affirm. 

STATEMENT OF THE CASE

The invention relates to security in switching and routing
environments (Spec. 1, ¶ [0001]).

Independent claim 1 is illustrative: 



1. A method of operating a secure network having 
plurality of network nodes, each node comprising one or 
more ports, the method comprising the steps of: 

locating one or more nodes in a secure location; 

locating one or more nodes in a less secure location; 

communicating selected management information from a 
primary configuration node to all other nodes in the 
secure network, said communicating having the sub-steps 
of, 

a first port on a first node sending said 
management information to a second port on a 
second node via a communication media 
exclusively shared by said first port and said 
second port; 

allowing no management access to said secure 
network from nodes located in said less secure 
locations; 

determining a first list of nodes that may send or 
receive substantive communication in the secure 
network; and 

prior to substantive communication between any 
two directly-connected ports, authenticating a link 
between said directly connected ports. 



(App. Br. 30, Claims Appendix).

The Examiner relies on the following references as evidence in 
support of the rejection: 



Fischer    US 5,422,953    Jun. 6, 1995
Sudama     US 5,619,657    Apr. 8, 1997
Thapar     US 5,694,615    Dec. 2, 1997

FIPS PUB 196, Entity Authentication Using Public Key 
Cryptography, National Institute of Standards and Technology, pp. 1-50, 
Feb. 18, 1997 ("FIPS"). 

Applicant admitted prior art, Spec. 2 ¶ [0005] ("AAPA").

The Examiner rejected the claims as follows: 

1. Claims 1-61, 72, and 76-78 are under 35 U.S.C. § 112 second 
paragraph as being indefinite. 

2. Claims 1-13, 17-19, 35-47, 51-53, and 73 under 35 U.S.C. § 102(b) 
as being anticipated by Sudama. 

3. Claims 14-16, 20, 21, 48-50, 54, and 55 under 35 U.S.C. § 103(a) 
as being unpatentable over Sudama. 

4. Claims 22-31, 33, 34, 56-61, and 76-87 under 35 U.S.C. § 103(a) as 
being unpatentable over Sudama and FIPS. 

5. Claim 32 under 35 U.S.C. § 103(a) as being unpatentable over 
Sudama, FIPS, and Fischer. 

6. Claims 72 and 74 under 35 U.S.C. § 103(a) as being unpatentable 
over Sudama and Thapar. 

7. Claim 75 under 35 U.S.C. § 103(a) as being unpatentable over 
Sudama and AAPA. 

ISSUES 

Based on Appellants' arguments and the Examiner's findings, we 
identify the following issues: 

1. Did the Examiner err in concluding that claims 1-61, 72, and 
76-78 are indefinite? 

2. Did the Examiner err in finding that Sudama discloses
limitations recited in claims 1-13, 17-19, 35-47, 51-53, and 73? 

3. Did the Examiner err in finding that Sudama and one of FIPS, 
Fischer, Thapar, or APA discloses or suggests claims 14-16, 20-31, 33, 34, 
48-50, 54-61, 72, and 74-87? 

FINDINGS OF FACT 
The following Findings of Fact (FF) are shown by a preponderance of 
the evidence. 

1. Sudama discloses that a "global database maintains and provides a 
list of hosts for performing specified functions, the hosts' designated 
management servers and trusted routing paths between the 
management servers" (col. 5, ll. 21-24). "A transmission between two
management servers in a network will not occur unless the sender and
receiver of the request are determined by each other to be valid parties
for executing the transmission of the request" (col. 5, ll. 37-40). The
database also "provides a namespace which stores host names
associated with specified management services as well as designated
management servers for the specified hosts" (col. 8, ll. 38-41).

2. Sudama discloses a hierarchy illustrating a "network configuration
of four (4) networked systems, S1-S4 .... Each system S contains a
single management server M and one or more hosts C" (col. 8, ll. 46-49;
fig. 2). "Management operations can follow a trusted path
downstream from M1 to M4, however, no trusted path exists for
routing management operations upstream" (col. 8, ll. 52-55).

PRINCIPLES OF LAW

The test for definiteness under 35 U.S.C. § 112, second paragraph is 
whether "those skilled in the art would understand what is claimed when the 
claim is read in light of the specification." Orthokinetics, Inc. v. Safety 
Travel Chairs, Inc., 806 F.2d 1565, 1576 (Fed. Cir. 1986) (citations 
omitted). 



ANALYSIS 

(1) Indefiniteness rejection 

The Examiner finds that the terms "secure location," "less secure 
location," and "substantive," as recited in claim 1 are indefinite because the 
terms are "not defined by the claim, the specification does not provide a 
standard for ascertaining the requisite degree, and one of ordinary skill in the 
art would not be reasonably apprised of the scope of the invention" (Ans. 3- 
4). 

However, the fact that claim language, including terms of degree, may 
not be precise, does not automatically render the claim indefinite under 35 
U.S.C. § 112, second paragraph. Seattle Box Co. v. Industrial Crating & 
Packing, Inc., 731 F.2d 818 (Fed. Cir. 1984). Rather, whether claim terms 
are indefinite depends on whether one of ordinary skill in the art would 
understand what is claimed, in light of the Specification. In this case, we do 
not agree with the Examiner that one of ordinary skill in the art would not 
understand the meaning of the terms "secure" or "less secure" given the 
general level of knowledge in the art in light of the Specification. For 
example, the Specification discloses general techniques for securing a 
network (see e.g., ¶¶ [0061] - [0074]). In addition, given the status of the art
being well developed, we disagree with the Examiner that one of ordinary
skill in the art would not have been reasonably apprised of the scope of the
invention and the meaning of the term "secure," particularly given that the
prior art (e.g., the Sudama reference) demonstrates that one of skill in the art
would have understood the meaning of "secure" or "security" in the context
of network security by also disclosing network security.

For similar reasons, we also do not agree with the Examiner that one 
of ordinary skill in the art would not have understood the term "substantive." 
The term, "substantive," while a broad term, would have been understood by 
one of ordinary skill in the art given the general meaning of the term to 
include, for example, anything of importance or relevance. See, e.g., 
Andrew Corp. v. Gabriel Electronics, Inc., 847 F.2d 819 (Fed. Cir. 1988).
Breadth of a claim is not to be equated with indefiniteness. In re Miller, 441
F.2d 689 (CCPA 1971).

We therefore conclude that the Examiner erred in rejecting claims 1- 
61 and 72-87 as being indefinite. 

(2) Claim 1 - prior art rejections

Appellants argue that Sudama fails to disclose a secure (or less 
secure) location as claimed because "physicality is inherent" (Reply Br. 4). 
However, as the Specification discloses, a "secure location" may include, for 
example, "logical security" or "physical security" (¶ [0015]). Since the
security at a location need not necessarily be "physical security" (i.e., may 
instead be "logical security"), we disagree with Appellants' argument that 
the claimed secure (or less secure) location is inherently a physical location. 

Appellants also argue that "Sudama also fails to teach . . .
'determining a first list of nodes that may send or receive substantive 
communication in the secure network'" (App. Br. 18) because: 

1) "[t]rusted routing paths have nothing to do with a list of all 
devices allowed to send or receive substantive communication in a secure 
network" (App. Br. 18), 

2) "Sudama's list does not foreclose the possibility of other hosts
engaging in substantive communication on the network" (App. Br. 18), 

3) "one of ordinary skill in the art would understand 'substantive 
communication' to be distinct from system overhead" (Reply Br. 5), and 

4) Sudama fails to disclose "[any type of] substantive 
communication" (Reply Br. 5). 

However, Sudama discloses a "list of hosts for performing specified 
functions . . . [including] trusted routing paths between the management 
servers" (col. 5, ll. 21-24) and that if a trusted path exists between two
devices, "the originating management server transfers the management
operation to the designated management server . . . specified by the
database" (col. 5, ll. 25-28). Since Sudama's "trusted routing path" indicates
whether a device is allowed to send or receive a communication and 
indicates the transmission path over which the communication is 
transmitted, we are not persuaded by Appellants' argument that Sudama 
supposedly fails to disclose this feature. Also, we find Appellants' argument 
unavailing that the list in Sudama "does not foreclose the possibility of other 
hosts" since even if Appellants' statement is true, Sudama, as described 
above, nevertheless discloses a list of trusted routing paths (over which 
"substantive communication" may be transmitted) between specific devices. 

While Appellants argue that "one of ordinary skill in the art would
understand 'substantive communication' to be distinct from system 
overhead" (Reply Br. 5), Appellants do not provide a specific or specialized 
definition of the term "substantive communication" or adequate reasons as 
to why a "substantive communication" would not be understood by one of 
ordinary skill in the art to include "system overhead." In addition, claim 1 
does not recite "system overhead." Similarly, Appellants argue that Sudama 
fails to disclose "any type of substantive communication" (Reply Br. 5) but 
claim 1 does not recite "any type of substantive communication." 

We therefore conclude that the Examiner did not err in finding that 
Sudama discloses the disputed limitation recited in claim 1, and claims 2-34, 
which depend therefrom, with respect to this issue. 

(3) Claim 35 

Appellants argue that Sudama fails to disclose "a primary 
configuration node [that] exclusively controls a defined set of management 
functions throughout the network" (App. Br. 19). However, we agree with 
the Examiner that Sudama discloses this feature for reasons set forth by the 
Examiner (Ans. 22). 

Appellants also argue that Sudama fails to disclose "specifying [all] 
nodes or ports that may send or receive [any] substantive communication" 
(Reply Br. 5) and that one of skill in the art would interpret claim 35 to 
include the additional terms because "any other interpretation would render 
the memory unsuitable for its use in controlling access to the secure 
network" (Reply Br. 6). However, Appellants do not provide sufficient 
reasons as to why specifying nodes that may send or receive substantive 
communications would render the node unsuitable for use while specifying
all nodes that may send or receive any substantive communication would 
not. In fact, Appellants do not identify any substantive reasons why either 
interpretation would render the claimed device unsuitable. Further, 
Appellants argue additional terminology that is not recited in the claim. 

Thus, we find the Examiner did not err in rejecting claim 35, and 
claims 36-61, which depend therefrom. 

(4) Claim 73 

Appellants argue that "Sudama contains no teaching or suggestion of 
maintaining a list of all devices allowed on the network" (App. Br. 21). 
Claim 73 recites one or more pre-designated devices for facilitating 
management-level control and all of said devices carrying a listing of all
devices allowed on the network. 

As described above, Sudama discloses management servers that 
facilitate management-level control of the network and that each of the 
servers has a database (Fig. 1) that contains "lists of trusted relations 
between the management servers" (col. 8, ll. 8-9). Since the management
servers of Sudama facilitate management-level control of the network, we 
agree with the Examiner that the management servers of Sudama constitute 
"pre-designated devices" that, as recited in claim 73, also facilitate 
management-level control of the network. Also, all of the pre-designated 
devices of Sudama (i.e., management servers) have a database that contains 
a list of devices (i.e., management servers and associated host devices - see 
Fig. 2) allowed on the network (i.e., trusted relations over which 
communication between devices may occur). We cannot agree with 
Appellants' argument because Appellant does not demonstrate a difference
between the management servers of Sudama and the claimed
"pre-designated devices".

Thus, the Examiner did not err in rejecting claim 73, and claims 74 
and 75, which depend therefrom. 

(5) Claims 2-6, 10-12, 36-40, and 44-46 

Appellants argue that Sudama fails to disclose "succession of the 
management entity" (App. Br. 22). Claims 2-6, 10-12, 36-40, and 44-46 
recite "succession of primary configuration node" (Claims App'x 30-39). 
The Examiner finds that Sudama discloses a succession of networked 
systems (i.e., S1-S4) "in a downstream manner" (Ans. 25) and, hence, 
discloses succession of a primary configuration node. We agree with the 
Examiner. 

As described above, Sudama discloses management servers with 
databases that store lists of trusted relations over which devices 
communicate data. Also, management servers are configured in series (i.e., 
in succession) such that data flows downstream but not upstream (e.g., col. 
8, ll. 46-55). Since the databases in each of the management servers contain
information pertaining to the relations over which data is transmitted 
between devices and the devices are configured in succession with data 
flowing to successive devices, the lists in the management servers contain 
information corresponding to succession of a node in the system (i.e., the 
position in succession of the node in the system). 

Appellants argue that "if management server M1 [of Sudama] failed,
management server M2 . . . would not be able to succeed M1 . . . because
there is no path for management operations to flow upstream" (Reply Br. 6).
However, management server M2 would still "succeed" M1 in Sudama since
M2 is configured to follow (i.e., "succeed") M1 in the network
configuration. In addition, if server M1 in Sudama failed as Appellants
suggest, M2 would then be the highest located operational server in the 
hierarchical topology and no data would flow upstream since there would be 
no device to receive such data. 

Thus, the Examiner did not err in rejecting claims 2-6, 10-12, 36-40, 
and 44-46. 

(6) Claims 13 and 47 

Appellant argues that Sudama fails to disclose "that management 
access be allowed only from designated nodes" (App. Br. 23). Claim 13 
recites "allowing no management access to secure network from nodes 
located in said less secure locations" (Claims App'x 33). The Examiner 
finds that Sudama discloses a network in which nodes in a network "cannot 
send management operations upstream" (Ans. 25) and hence, are not 
allowed management access to the designated (upstream) nodes. Appellants 
do not respond to this finding. We agree with the Examiner for reasons set 
forth by the Examiner. 

In addition, we note that claim 47 does not recite "management access 
be allowed only from designated nodes" (App. Br. 23) as Appellants assert. 

Thus, the Examiner did not err in rejecting claims 13 and 47, and 
claims 14-17 and 48-51, which depend therefrom.

(7) Claims 18, 19, 52, and 53

Appellants argue that Sudama fails to disclose a list "distributed to 
every node in the secure network" (App. Br. 23). The Examiner finds that 
Sudama discloses "lists are stored locally at every .... 'node' S1-S4 
[containing] one of the management servers M1-M4" (Ans. 26). 

Appellants argue that "the meaning of the term 'nodes' . . . is . . . 
inconsistent with" the devices in S1-S4 of Sudama (Reply Br. 7) but 
Appellants do not provide a specific definition of the term "node" or indicate 
an explicit definition of the term "node" in the Specification that is different 
from the devices of Sudama. Since network "nodes" construed broadly but 
reasonably may include, for example, any devices that manage or transmit 
data in the network and since the devices in each of S1-S4 of Sudama 
manage or transmit data, Appellant does not demonstrate a difference
between the devices in S1-S4 of Sudama and the claimed "nodes." Nor have 
Appellants indicated any substantial differences. 

Thus, the Examiner did not err in rejecting claims 18, 19, 52, and 53, 
and claims 20, 21, 54, and 55, which depend therefrom.



(8) Claims 76-78 

Appellants argue that Sudama fails to disclose or suggest "a channel 
that can be disabled" (Reply Br. 7) but discloses, instead, "a channel that 
does not exist" (App. Br. 25) while the Examiner finds that Sudama 
discloses or suggests upstream logical paths that "exist ... but the lists 
'disable' these paths" (Ans. 27). Claim 76 recites a "logical management
access channel that may be disabled" (Claims App'x 42). 

We disagree with Appellants' contention that Sudama fails to disclose 
or suggest a channel that is disabled. Rather, Sudama discloses a path that 
exists (as illustrated in Fig. 2) but that "no trusted path exists for routing 
management operations upstream" (col. 8, ll. 54-55) (emphasis added). As
Sudama discloses, when a trusted path does not exist, then devices "cannot
transmit a management operation" (col. 8, l. 56) over the path (because the
path is not a trusted path). Given the fact that the existing (not trusted) path 
is not operational, we agree with the Examiner that it would at least have 
been obvious to one of ordinary skill in the art to utilize a non-operational 
path as a "disabled" path since one of ordinary skill in the art would have 
understood that both a non-operational path and a "disabled" path are
non-functional in terms of transmission of data.

For at least the above reasons, we find no error with respect to this 
issue with the Examiner's 35 U.S.C. § 103(a) rejection of claims 76-78. 

(9) Claims 79-87

Appellants argue that Sudama fails to disclose a list indicating devices 
that may operate as a network configuration entity and a list that indicates 
each device allowed to participate in a secure network (App. Br. 26) while 
the Examiner finds that Sudama discloses both a list that specifies "the only 
device which can perform management operations" (Ans. 27) (i.e., the 
claimed NCE list that indicates devices that may operate as a network 
configuration entity) and a list that indicates devices where "[t]he simple 
presence of the device being on [the list] ... is an indication that it is
allowed to participate in the secure network" (Ans. 28) (i.e., the claimed
SCC list that indicates devices that are allowed to participate in a network).
We agree with the Examiner for reasons set forth by the Examiner.
Appellant does not sufficiently refute the Examiner's findings with regard to
this issue.

Appeal 2009-006639
Application 10/062,125

For at least the above reasons, we find no error with respect to this 
issue with the Examiner's 35 U.S.C. § 103(a) rejection of claims 79-87. 

CONCLUSIONS OF LAW 
Based on the findings of facts and analysis above, we find no error in 
the Examiner's rejection of claims 1-13, 17-19, 35-47, 51-53, and 73 as 
being anticipated by Sudama or claims 14-16, 20-34, 48-50, 54-61, 72-87 as 
being unpatentable over Sudama and any one of FIPS, Fischer, Thapar, or 
APA. However, we find the Examiner erred in rejecting claims 1-61 and 72- 
87 as being indefinite. 

DECISION 

We affirm the Examiner's decisions rejecting claims 1-13, 17-19, 35- 
47, 51-53, and 73 under 35 U.S.C. § 102(b), and claims 14-16, 20-34, 48-50, 
54-61, 72, 74-87 under 35 U.S.C. § 103(a). We reverse the Examiner's 
rejection of claims 1-61 and 72-87 under 35 U.S.C. § 112 second paragraph.

No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED 






